The mid-market businesses in the UK have lost around £30 billion ($37 billion) in the past 12 months due to security breaches. A research from business and financial adviser Grant Thornton UK LLP discovered that cyber-attacks are a present danger for businesses in the UK. The research report, named Cyber Security – the Board Report, stated that the businesses are not prepared to manage the cyber risks.
Grant Thornton stated they surveyed over 500 UK mid-market companies, in which half of them reported losses of up to 10 percent of their income over cyberattacks. The research revealed that 63 percent of the companies don’t have a cybersecurity team. Only 36 percent stated that they’ve provided cybersecurity training to their employees. And more than half of the businesses (59%) don’t have a cyber incident action plan, according to the research.
“Boards have a key role to play in ensuring an effective cyber strategy is in place. Putting cyber-crime onto the board’s agenda is one of the most effective ways to minimise the chances of a successful attack and reduce the financial impact if a breach occurs. With that in mind it is worrying that almost two thirds of the businesses we interviewed do not have a board member responsible for cyber security,” said James Arthur, the head of cyber consulting at Grant Thornton UK LLP.
“While commitment from the top is vital, ensuring your people are properly trained is also essential. Often, companies make themselves vulnerable to attack simply by failing to get the basics right. Training to raise employee awareness can have a hugely positive impact on cyber security. People are often unaware of the important role they play in helping a business to stay protected, so companies of all sizes need to ensure they have regular and ongoing cyber security training in place.”
Earlier, a survey from analytics software company FICO revealed that 62 percent of UK firms lack complete cybersecurity insurance. According to the research, only 38 percent of UK firms surveyed have cybersecurity insurance that covers all risks. Telecommunications firms lag other industries regarding cybersecurity insurance, 17 percent of firms reported that they have no coverage. Most of the respondents stated that their premiums are based on inaccurate analysis or unknown factors.
